From owner-freebsd-questions Sat Jun 10 16:15:14 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from draenor.org (draenor.org [196.36.119.129])
    by hub.freebsd.org (Postfix) with ESMTP id A29E837B7AE
    for ; Sat, 10 Jun 2000 16:15:08 -0700 (PDT)
    (envelope-from marcs@draenor.org)
Received: from marcs by draenor.org with local (Exim 3.14 #1)
    id 130uRI-000PX8-00; Sun, 11 Jun 2000 01:13:16 +0200
Date: Sun, 11 Jun 2000 01:13:16 +0200
From: Marc Silver
To: Tyler Spivey
Cc: FreeBSD Questions
Subject: Re: ircii
Message-ID: <20000611011316.N81376@draenor.org>
References: <20000610180935.L81376@draenor.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2i
In-Reply-To: ; from tyler@wapvi.bc.ca on Sat, Jun 10, 2000 at 01:43:15PM -0700
X-Operating-System: FreeBSD 4.0-STABLE
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hey there,

Dug this up...

-----Original Message-----
From: bugzilla@REDHAT.COM [mailto:bugzilla@REDHAT.COM]
Sent: Thursday, March 30, 2000 6:41 PM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: [RHSA-2000:008-01] ircii buffer overflow

---------------------------------------------------------------------
Red Hat, Inc. Security Advisory

Synopsis:         ircii buffer overflow
Advisory ID:      RHSA-2000:008-01
Issue date:       2000-03-29
Updated on:       2000-03-29
Product:          Red Hat Linux
Keywords:         N/A
Cross references: ircii 4.4M buffer dcc
---------------------------------------------------------------------

1. Topic:

A buffer overflow exists in ircii,

2. Relevant releases/architectures:

Red Hat Linux 4.2 - i386 alpha sparc
Red Hat Linux 5.2 - i386 alpha sparc
Red Hat Linux 6.0 - i386 alpha sparc
Red Hat Linux 6.1 - i386 alpha sparc
Red Hat Linux 6.2 - i386 sparc

3. Problem description:

A buffer overflow exists in ircii's dcc chat capability. An attacker
could use this overflow to execute code as the user of ircii.
It is recommended that users of ircii update to the fixed packages:

Compatibility note: ircii's library directory has moved from
/usr/lib/irc to /usr/share/irc.

[snip]

10. References:

http://www.securityfocus.com/vdb/bottom.html?vid=1046

Cheers,
Marc

On Sat, Jun 10, 2000 at 01:43:15PM -0700, Tyler Spivey wrote:
> what do you mean buffer overflow? I want to know. and, what's the internal
> ver of 4.4u